Itsme® is a mobile app that makes identifying yourself online significantly easier. Launched by Belgian Mobile ID (a consortium of Belgium’s three largest telecom operators and four major banks), the app enables users to identify themselves online using their mobile phone just as securely as they would using their eID. An important shift in the banking world, according to IT architect Sven Rosiers whom we interviewed about the application and the impact it will have on financial organisations.
Rosiers explains why the need for itsme® arose: “It’s a clear signal that the big bank players are facing an increasingly mobile world with specific security challenges. Target audiences have changed tremendously. Mobile presence is essential if you want younger generations to notice you. The card reader traditionally used for online authentication no longer measures up to users’ current standards.”
Itsme® is a solution fully geared to those new needs. The underlying mechanism or structure, however, has remained similar. Based on Multifactor Authentication technology, itsme® allows smartphone users with a SIM card to initiate the authentication process simply by entering a PIN code or using their fingerprint. In short, the app enables customers to identify themselves based on those 3 factors in a unique and secure manner using patented technology.
The challenges financial institutions must overcome to integrate itsme® with their services mostly come down to the business side of things, explains Rosiers: “AE are usually consulted to help organisations approach this type of challenges from a technical point of view. Acting as their partner, we assist our clients in identifying the changes in their application landscape necessary to achieve full integration. Yet I often notice the technical debate quickly turns into questions concerning the business impact of it all.” Traditionally focusing on their internal processes rather than their environment, banks tend to be conservative in their security solutions and rather reluctant to integrate with other services. Meanwhile, itsme® challenges them to outsource a significant part of their security efforts. Banks must therefore investigate whether itsme® is indeed adequately covered by, among other things, Belgian Mobile ID’s service levels.
Integrating itsme® encourages banks to have a closer look at their existing authentication solutions. Which services will they be using itsme® for? Which other processes should be phased out, and at what rate? How does itsme®’s reliability compare to that of current solutions? Will it enable banks to offer customers the same level of security as card readers currently do? All questions to which AE help find the answer. In co-creation with in-house teams devoted to business and enterprise architecture, AE sets out to discover all opportunities banks may seize to outline their customers’ mobile future.
Impact on the end user
Itsme® will undoubtedly affect financial service providers’ end users as well. Due to a large-scale awareness campaign and itsme evolving towards applications which are part of a broader market, it’s only a matter of time before users expect their bank to offer itsme as a standard application. Initially, though, this may lead to confusion, as itsme’s available functionalities may vary per bank, per channel or even per interaction. AE assist financial institutions in developing an optimal customer experience per channel, meeting all customer needs and expectations.
Itsme®: security and privacy
As with any security solution, itsme® is not entirely without risk. Sven Rosiers: “It’s an illusion to think that 100% safe solutions exist. We will only be able to pinpoint any technical problems once the first test case appears in the media.” Yet Rosiers is confident: “Since all telecom operators have jumped on the bandwagon, itsme® benefits from the security SIM cards offer by establishing a separate, secure connection over the mobile network. That means communications don’t necessarily have to take place over the internet. What’s more: because a part of the security algorithms can be implemented on the SIM card which is inaccessible for phone malware, this is one very robust solution.”
Itsme® takes care of any privacy issues end users may experience, too. The application, after all, creates one unique identity which is then linked to each of the user’s online accesses. An organisation gets access to all data after the permission from the end user via itsme®. To keep companies from intercepting all those data, Belgian Mobile ID ensures that identities are always broken down into parts. End users, in other words, can rest assured no company will find out which other companies they use their itsme® app for.
Sven Rosiers firmly believes in itsme®’s potential: “Although the service will initially be used as an optional application, I think itsme® will soon become the new standard. The government have also been on board for a while now. This year, tax-on-web users were able to sign their tax returns using the technology. Add to that the major banks who use the application as well, and it’s all too clear itsme® already supports a very broad market. I’m sure the rest of the market will soon follow soon.” Moreover, it’s not just financial players who benefit from the technology. Companies in all sectors who require customer identification or must obtain customer agreements will be able to deploy itsme® over time.
"Itsme® was developed with the highest level of safety in mind and therefore uses the most advanced software security combined with hardware security (in this case the SIM card as a so-called 'secure element'). In terms of data privacy, too, the bar has been set at the highest level and the user is central: itsme® gives you complete transparency and control over data sharing. As a result, as a company you are immediately 'compliant' with the recent European GDPR legislation. "
- Kris De Ryck, CEO Belgian Mobile ID